US20100030725A1 - Data triple user access - Google Patents

Data triple user access Download PDF

Info

Publication number
US20100030725A1
US20100030725A1 US12/531,749 US53174908A US2010030725A1 US 20100030725 A1 US20100030725 A1 US 20100030725A1 US 53174908 A US53174908 A US 53174908A US 2010030725 A1 US2010030725 A1 US 2010030725A1
Authority
US
United States
Prior art keywords
data
triples
directed graph
data triples
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/531,749
Other languages
English (en)
Inventor
Venura Chakri Mendis
Paul W. Foster
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
British Telecommunications PLC
Original Assignee
British Telecommunications PLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by British Telecommunications PLC filed Critical British Telecommunications PLC
Assigned to BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY reassignment BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: FOSTER, PAUL WILLIAM, MENDIS, VENURE CHAKRI
Publication of US20100030725A1 publication Critical patent/US20100030725A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/901Indexing; Data structures therefor; Storage structures
    • G06F16/9024Graphs; Linked lists

Definitions

  • the present invention relates to user access to data triples storage including the provision of directed graphs such as resource description framework (RDF) graphs.
  • directed graphs such as resource description framework (RDF) graphs.
  • the Resource Description Framework is a developing attempt at a standardized language and structure for the presentation of data or content on the World Wide Web (WWW). It is part of an attempt to distribute machine readable information throughout the WWW in order to enable enhanced machine to machine interaction, for example performing searches for relevant content automatically.
  • WWW World Wide Web
  • web pages present content in many different formats which are readable by a person, but only to a limited extent by a machine such as matching keywords.
  • websites are not searched semantically by a machine, many of the returned results will be irrelevant to a user's query. For example if a user wanted to find a specified car for sale in their home town, the search engine may return all websites including terms corresponding both to the specified car and the home town.
  • RDF provides a semantic format for linking two different content items—this is in the form of subject-predicate-object.
  • a subject specified car
  • object home town
  • predicate of relationship for example “is located in”. It then becomes possible to search for the relationship between the subject and the object, as well as the subject and object themselves.
  • RDF statements are stored as data triples—subject-predicate-object—but are typically represented in data models as directed graphs representing resources (subjects), their properties (predicates), and their property values (objects).
  • RDF data triples are typically stored in a relational database, but presented as RDF directed graphs with objects linked to a common subject by their respective predicates.
  • a system and method for processing and storing RDF data is described in US2004/0210552. “Nabu—A semantic Archive for XMPP Instant Messaging”, Frank Osterfeld, Malte Kiesel, Sven Schwarz, DFKI GmbH—Knowledge Management Dept, D-67663 Kaiserlautern, Germany, describes a system for logging and accessing Instant Messaging messages in an RDF format datastore.
  • RDF RDF-base Ontology Versioning System
  • RDF primer An RDF-base Ontology Versioning System
  • Max Volkel and Codza describes a versioning system for developing an RDF ontology for implementation in a database, in which newly modified versions of the ontology are merged with an existing version in order to create a latest version from which to begin further development work. Access to and merging of the versions is restricted in order to ensure data integrity.
  • RDF data triples Data mining of RDF data triples can be performed in order to generate further inferred data triples, that is further statements about relationships between subjects and objects that are not explicitly stated within the base or non-inferred data triples.
  • These inferred data triples are determined using inference rules applied to the base RDF data triples.
  • “An Approach to RDF(S) Query, Manipulation and Inference on Databases” Jing Lu, Yong Yu, Kewei Tu, Chenxi Lin, and Lei Zhang, APEX Data and Knowledge Management Lab, Shanghai Jiao Tong University, describes an approach to the storage, query, manipulation and inference of large (million-scale) RDF data on top of a relational database.
  • US2003/0074352A1 (Raboczi) describes a secure distributed database management query system.
  • One or more knowledge stores hold data in the form of statements that represent relationships between nodes in a directed graph data structure.
  • the statements in the database may include security information in the form of statements specifying which users are allowed access at a statement level.
  • the system includes a process of resolving queries by filtering the result against a FROM clause.
  • the FROM clause can also be used to implement access control for statements.
  • a FROM clause is a part of a query which designates the location of the data to be queried.
  • the FROM clause denotes a multiplicity of database servers which are queried simultaneously.
  • a database query may define a command to return all statements in which a given term is the object.
  • Part of the query specifies which database servers should be queried to find the answer.
  • the receiving server or query proxy
  • the process of joining result sets from database servers is appropriate since joining result sets is equivalent to performing a set union on a model representation of the result sets.
  • Each result is a set of statements upon which mathematical set operations can be performed.
  • Raboczi includes a query/inference engine which serves as a clearinghouse for queries made against one or more knowledge stores. Queries which include a FROM clause designating multiple database servers are split by the query/inference engine and new queries made from there to each of the designated servers. The query/inference engine is then responsible for receiving, combining and returning the results of the query to the user interface. Each query/inference engine can receive queries from a user interface inclusive of user authentication credentials. User authentication credentials are typically validated using an authentication database. For distributed queries, a given user's credentials will be validated independently by each local database system prior to the processing of a query. But Raboczi does not address the issue of storing inferences and there is no discussion of how or why this might be done or what the benefits might be.
  • the present inventors have realized that not only is persistence of inferred data an important tool, but also that there is benefit in storing such persisted inferred data in special ways and in treating such persisted inferred data in special ways, none of which are taught or suggested by Raboczi.
  • a computerized data processing method for providing access to data triples in the form subject-predicate-object comprising: persisting first data triples corresponding to/representing a first data triples directed graph in a datastore; persisting second data triples corresponding to/representing a second data triples directed graph in the datastore; storing, in association with the persisted second data triples user access control information for use in controlling access to said persisted second data triples; merging the first data triples and the second data triples to provide merged data triples corresponding to/representing a merged data triples directed graph in response to a user request having user request access control information corresponding to the user access control information associated with the second data triples directed graph; and, subject to satisfactory invocation of the user access control information in a user request for access to the merged data triples directed graph, providing the requested access.
  • a computerized data processing method for providing multiple user access to data triples in the form subject-predicate-object, for example RDF.
  • the method comprises persisting first data triples associated with a first data triples directed graph such as an RDF base graph in a datastore, and persisting second data triples associated with a second data triples directed graph such as an RDF inference graph in the datastore together with user access control information.
  • the second data triples directed graph is an inference graph, this refers to a data triples directed graph (e.g. RDF graph) which is derived from inference rules applied to the base data triples directed graph.
  • the user access control information can be used to restrict access to the second data triples, for example to the user that provided the second data triples.
  • the method then merges the first data triples directed graph and the second data triples directed graph to provide a merged data triples directed graph in response to a user request which corresponds to the user access control information associated with the second data triples directed graph.
  • Access to the merged data triples directed graph can then be restricted based on the user access control information. Therefore the base or first data triples directed graph may be provided to any of a number of users, however each user may have their own inference or second data triples directed graph which has restricted access and can be used to access inferred data triples from the user's inference rules. Persisting inferred data into a data base is more efficient than having to fire rules at the base data via a rules engine each time this inferred data is requested.
  • restricted access inference graphs means that the inference data triples from a user's inference rules can be persisted together with the base data triples, but at the same time ensuring differentiation between the base and inferred data triples in order to control user access to them.
  • Merging in this specification may include removing and modifying or replacing data triples, as well as adding data triples.
  • a data triple from the second data triples directed graph may cause the removal of a data triple from the first data triples directed graph so that it does not appear within the merged data triples directed graph which is accessible to the user.
  • access to the data triples directed graphs from the persisted data triples can be achieved using the Jena Interface—see http://jena.sourceforge.net.
  • the merge operation may be achieved in Jena using the standard Jena merge operation—which merely adds data triples-together with remove and modify or replace operations which may be implemented in Jena using the standard Jena rules engine, appropriately configured to remove and/or replace data triples from the first data triples directed graph according to rules based on the second data triples directed graph as would be appreciated by those skilled in the art.
  • Embodiments of the invention provide a framework in which it is possible to distinguish inferred or other distinct second data triples once it has been persisted with the base or first data triples. Furthermore, inferences or other added second data triples persisted at different times can be retrieved by allowed 3 rd parties as desired. This is accomplished by persisting both inference or other second data triples and respective access control information together each time new or modified inferred or other second data triples are persisted with the base or first data triples.
  • Embodiments of the invention enable application providers (users) to share the same common data (first data triples) but make their own inferences (second data triples) on that data and persist them in the same datastore. Restriction policy control information can be associated with the inferences such that the respective users can control who sees the inferred data, though not the base data.
  • both the base data and the inferred data can be made available to the provider or owner of the base data. This would give the base data provider a view of the inferred data that each of the users have generated, though not necessarily the inference rules used to generate these.
  • Distinguishing inferred data in the same datastore as the base data also enables branching where inference rules can be applied to existing inference graphs to produce another inference graph.
  • a server for providing multiple access to data triples in the form subject-predicate-object, the server comprising: a datastore persisting first data triples associated with a first data triples directed graph, and persisting second data triples associated with a second data triples directed graph together with user access control information; the server being arranged to merge the first data triples directed graph and the second data triples directed graph to provide a merged data triples directed graph in response to a user request having user request access control information corresponding to the user access control information associated with the second data triples directed graph, and to provide access to the merged data triples directed graph to a user associated with the user request.
  • a server for providing access to data triples in the form subject-predicate-object comprising: a data storage arrangement persisting first data triples representing a first data triples directed graph, and persisting second data triples representing a second data triples directed graph, the data storage arrangement also storing, in association with the second data triples, user access control information; the server being arranged to merge the first data triples directed graph and the second data triples directed graph to provide merged data triples representing a merged graph in response to a user request associated with user request access, control information corresponding to the user access control information associated with the second data triples directed graph, and to provide access to the merged data triples directed graph to a user associated with the user request.
  • FIG. 1 shows a system for providing multiple user access to a data triples database according to an embodiment
  • FIG. 2 shows an example RDF graph together with corresponding data triples
  • FIG. 3 shows the RDF graph of FIG. 2 with additional information derived from inference rules
  • FIG. 4 shows the system of FIG. 1 in more detail for receiving inference rules and using these to generate a (data triples directed) deduction graph from the a base graph;
  • FIG. 5 shows a method of receiving inference rules, generating and persisting a deduction graph generated from these rules, and updating the deduction graph;
  • FIG. 6 shows an RDF base graph together with three RDF inference graphs
  • FIG. 7 a shows data triples for one of the inference graphs of FIG. 6 ;
  • FIG. 7 b shows a merged graph following merging of the base graph and an inference graph of FIG. 6 ;
  • FIG. 8 shows a user access control node class for an inference graph in more detail
  • FIG. 9 shows the system of FIG. 1 in more detail for requesting access to a merged graph
  • FIG. 10 shows a method of requesting user access to an inference graph by merging with a base graph
  • FIG. 11 a shows a merged graph and a further inference gra ph
  • FIG. 11 b shows the merged graph following merging of the graphs of FIG. 11 a;
  • FIG. 12 shows a merged graph from the base graph and one of the inference graphs of FIG. 6 ;
  • FIG. 13 shows a merged graph from the base graph and a second of the inference graphs of FIG. 6 ;
  • FIG. 14 shows a merged graph from the base graph and the third of the inference graphs of FIG. 6 .
  • FIG. 1 shows a system for providing multiple user access to a data triples datastore according to an embodiment.
  • the system 100 comprises a number of users 105 such as application providers coupled to a multiple access server 115 over the Internet 110 .
  • the multiple access server 115 is coupled to a non-persisted memory 135 such as RAM and a datastore 120 having persisted memory 130 .
  • Persisted memory is memory that retains data indefinitely, or for longer than the process which created the data; for example an add or modify process carried out in the non-persisted memory 135 .
  • Non-persisted memory is working memory such as RAM which enables computational processes to be carried out, but which does not retain or store data indefinitely or for longer than the period for which the data is required by a process.
  • the persisted memory 130 stores an RFD triples database 140 , and an inference rules database 150 .
  • These databases are managed by one or more database management systems (DBMS) 125 as would be understood by those skilled in the art. Typically these databases will be relational databases; however alternative datastore types may be used. Furthermore, data triples other than RDF may be used.
  • DBMS database management systems
  • the RDF data triples database 140 comprises a number of RDF data triples. These data triples are typically presented to a user 105 as data triples directed graphs 145 which are generated by a process from the multiple access server 115 and carried out on the non-persisted memory 135 .
  • the Jena Interface can be used for this purpose, and which obtains the data triples relevant to a particular query from the underlying relational database, and presents them to the user as RDF graphs.
  • Jena is a Java framework for viewing, building and manipulating RDF data in RDF/XML, N3 and N-triples formats, and provides query and rules engine functionality. Jena provides input/output components that allows reading/writing a Jena model or directed graph into N3 or RDF/XML data triples.
  • Jena merge operation however is restricted to adding triples from the two merged graphs or models.
  • Jena is Open Source and has been developed from the HP Labs Semantic Web Programme. It can be used with OWL (Web Ontology Language) and is used for work with the Semantic Web. Jena is available to those skilled in the art together with further information at http://jena.sourceforge.net. Whilst Jena can be used in the embodiments to provide the basic operations such as add/remove/find statements or data triple, alternative RDF or other data triples interfaces could be used. Sesame is another Java based RDF interface, and Redland is a C++ based framework for manipulating RDF graphs.
  • FIG. 2 illustrates a simple set of RDF data triples 250 together with a corresponding data triples directed graph (RDF graph) 200 .
  • the set of RDF data triples 250 comprises a number of RDF data triples 270 each comprising a subject 255 , a predicate or relationship 260 and an object 265 .
  • Each set of RDF data triples 250 typically relates to a common subject ( 255 ) and may also include metadata (not shown) which is not shown to the user 105 but may be used in generating the RDF graph 200 and for other purposes in some embodiments as described further below.
  • Each of the data items ( 255 , 260 , 265 ) of each data triple 270 may be available on the WWW and identified by a globally unique identifier such as http//:bt.com/person#P — 1, also known as a URI (uniform resource identifier).
  • Each data triple 270 is in the form of subject-predicate-object and represents a relationship ( 260 ) between two data items ( 255 and 265 ).
  • the example data triples are here generated by a call service provider and represent a number of call histories (eg CallHistory#C — 1) together with a current call package (eg Weekend/OffPeak) for a particular call customer (eg Person#P — 1).
  • Each of the object data items 265 is related to the subject 255 by a standard or predetermined relationship or predicate 260 (eg hashistory or hasCurrentPackage).
  • a standard or predetermined relationship or predicate 260 eg hashistory or hasCurrentPackage.
  • predicate 260 eg hashistory or hasCurrentPackage.
  • the way in which these data ( 250 ) are modelled by application developers seeking to manage the data and provide searching functionality is by using data triples directed graphs 200 .
  • the RDF graph ( 200 ) of the example data triples set ( 250 ) comprises a subject node 205 corresponding to the subject data item 255 , and a number of object nodes 210 , 215 corresponding to the object data items 265 ; and which are linked back to the subject node 205 by respective predicate data 220 corresponding to the predicate data items 260 .
  • the subject and object nodes 205 , 210 , 215 may be instances of classes ( 205 , 210 ) or literals ( 215 ).
  • a class instance includes various properties such as required formats, allowed ranges, and the number and types of data contained by the class instance. For example a CallHistory class may require start time, call duration, destination, and tariff data. A literal typically requires only a single data triple or property, for example “Weekend/Offpeak Package”.
  • the RDF directed graphs 145 ( 200 ) are typically not persisted in the datastore 120 , but are available to the user 105 from the non-persisted memory 135 and are generated from respective data triples ( 250 ) as required by a user 105 , for example using Jena.
  • Base or first data triples ( 250 ) in the data triples database 140 are available to a number of users 105 .
  • a user 105 such as an application developer may wish to mine these base data triples ( 250 ) for additional implicit or inferred information, for example in order to identify relationships that may be useful for identifying new customer services that may be offered, or future network planning or network management.
  • a user may query the base or first data triples ( 250 ) in order to identify the most called destination from a customer's call histories.
  • These inferred or second data triples may also be stored or persisted in the data triples database 140 .
  • An example inferred data triple from the base data triples ( 250 ) of FIG. 2 is illustrated in FIG. 3 .
  • FIG. 3 shows an inferred or second data triple 300 , together with a corresponding second data triples directed graph 320 .
  • the inferred or second data triples directed graph is also known as an inference graph.
  • a merged data triples directed graph 350 is also shown, and represents a merging of the base or first data triples ( 250 ) with the inferred or second data triple 300 .
  • the process of merging RDF graphs includes adding objects such as the “Paris” literal 315 to the subject node 205 .
  • Merging as used for embodiments in this specification may also replace an object from a base or first RDF graph with an object from the second or inferred RDF graph and which has the same predicate data ( 220 , 320 ).
  • Merging may also result in the removal of an object node ( 210 , 215 , 315 ) and its predicate data ( 220 , 320 ) from its subject node ( 205 ).
  • object node 210 , 215 , 315
  • predicate data 220 , 320
  • the additional remove and replace operations of the merge to be used in the embodiments may be implemented in Jena using the Jena rules engine appropriately programmed to remove/replace data triples based on suitable rules as described in more detail below,
  • the data triples and metadata associated with this merged graph 350 are stored in the persisted memory 130 .
  • the merged graph 350 is automatically generated the next time the base graph 200 is requested.
  • this inferred data 300 is persisted to memory, it may become impossible to distinguish between the base and inferred data.
  • a user generating inference rules and resulting inferred data may wish to restrict access to this information rather than provide it to all other users. This may be overcome by maintaining separate versions of the base data triples and the inferred data triples, and merging this on request. However this requires extensive memory and data management.
  • FIG. 4 shows the system of FIG. 1 in more detail according to an embodiment.
  • the embodiment 400 receives inference rules 404 and uses these to generate an inference or second data triples directed graph 449 from the base or first data triples directed graph 447 .
  • the system 400 comprises a rules application programmer interface (API) 407 which provides an interface for a user 105 to interface in a predetermined way with the data triples stored on the datastore 120 .
  • the system also comprises a policy control and versioning function 412 , and a rules engine 417 .
  • API application programmer interface
  • the system also comprises a policy control and versioning function 412 , and a rules engine 417 .
  • These may be implemented using suitable program code executed on the non-persisted memory 135 by a processor within the server 115 .
  • Such suitable program code would typically be stored on persisted memory in the system or be retrievable from a remote persisted store, so that it could be instantiated in the non-persisted memory of the system.
  • a method of receiving and processing inference rules 500 and a method of updating inferred data 550 may be implemented by the API 407 , the policy control and versioning function 412 , and the rules engine 417 as described below. However the method may be implemented by different functional and/or hardware entities.
  • the rules API 407 initially receives the inference rules and user access control information from a user at step 505 .
  • the user access control information specifies which users have access to the inference rules and any inferred data generated from the inference rules. For example these inference rules and inferred data may be restricted to the author or user who provided them.
  • the user may specify other users that may have unrestricted access to the inference rules, for example to modify these rules or to process the latest base data triples with the inference rules.
  • This second user may alternatively be restricted to accessing the inferred data but not the inference rules.
  • APIs will be well known to those skilled in the art as providing a predetermined interface for inputting and outputting data, and passing instructions between internal and external processes, and are not further described here.
  • the inference rules are stored by the policy and versioning function 412 and associated with the user access control information at step 510 . This step may be implemented by storing the received inference rules in the persisted rules database 150 together with a security or restriction data item for each inference rule.
  • the policy and control versioning function 412 then receives or generates one or more first or base RDF graphs in the non-persisted memory 135 at step 515 .
  • This may be implemented by calling the Jena API in known manner and applying this to base or first data triples to which the current user 105 has access. It may be that the user is restricted by the base or first data triples provider, and/or the operator of the multiple access server 115 , to a sub-set of the base data triples.
  • the user may be an application developer for a telecommunications provider that is developing network management software.
  • the base data provider may therefore restrict access to customer payment histories or credit card details to the application developer whilst allowing the user access to customer call history data.
  • the rules engine 417 processes these base RDF graphs with the inference rules in order to generate inferred or second data triples at step 520 .
  • Various rules engines applicable to RDF or other data triples may be used; an example rules engine is the Jena general purpose rules engine which includes forward chaining, backward chaining, and hybrid rules engines. Other rules engines include Jess and Ilog
  • the inferred or second data triples are persisted in the datastore 120 by the policy control and versioning function 412 together with the user access control information at step 525 .
  • This may be achieved by storing the inferred data triples with proxy subject data items corresponding with the subject data items of the base graph. This is illustrated in the RDF graphs of FIG. 6 which shows a base graph 625 together with three inference graphs 630 a , 630 b , 630 c .
  • the inferred or second data triples directed graphs each have a user access control information node 635 a , 635 b , 635 c containing the relevant user access control information for the user that created the inferred data.
  • Each user access control information node 635 a , 635 b , 635 c is linked to a proxy subject data node 605 a , 605 b , 605 c with a data add ( 645 b ), modify ( 645 a ) or delete ( 1145 d ) merge operator.
  • Each proxy subject data node 605 a , 605 b , 605 c is linked to an inference object node 615 a , 615 b , 615 c by respective inference predicate data 650 a , 650 b , 650 c.
  • the user access control information node 635 a includes a link 640 a back to the subject node 205 in the base graph 625 corresponding to its proxy subject node 605 a .
  • Each inference graph 630 a is persisted in the datastore 120 as second data triples, typically one or a series of data triples using the proxy subject, predicate and object, as well as a user access control information having the proxy subject as its object together with a merging operation—add, modify, delete.
  • second data triples typically one or a series of data triples using the proxy subject, predicate and object, as well as a user access control information having the proxy subject as its object together with a merging operation—add, modify, delete.
  • the inference object node 615 c is linked to the subject node 205 by the inference predicate data 605 c in a merging of the inference graph 630 c and the base graph 625 .
  • the inference graph 630 a includes a modify merge operator 645 a
  • the inference object node 615 a linked to the proxy subject node 605 a by the inference predicate data 605 a replaces the object node 215 linked to the subject node 205 by the corresponding predicate data 220 in a merging of the inference graph 630 a and the base graph 625 .
  • the inference object node 1115 d linked to the proxy subject node 1105 a by the inference predicate data 1105 a removes the corresponding object node 215 linked to the subject node 205 by the corresponding predicate data 220 in a merging of the inference graph 1130 d and the base graph 625 .
  • FIG. 7 a shows second or inferred data triples 750 corresponding to one of the second data triples or inference graphs ( 630 a ) of FIG. 6 .
  • the second data triples 750 for this second data triples directed graph 630 a include a second data triple 770 relating the subject ( 205 ) of the base or first data triples graph 625 to user access control information ( 635 a ).
  • Further data triples 770 relate the user access control information ( 635 a ) to the proxy subject ( 605 a ) with a modify merge operator ( 645 a ) for the merging process, and the proxy subject ( 605 a ) to a modifying or inference object ( 615 a ) having an inference predicate ( 650 a ) matching or duplicated by predicate data ( 220 ) relating the subject node ( 205 ) to an object ( 215 ) in the first data triples ( 250 ).
  • the second data triples 750 are persisted in the data triples database 140 together with the first data triples ( 250 ), but they are not accessible by users of the system.
  • the base or first data triples can be persisted in the same database 140 as the inferred or second data triples, with both sets of data triples being merged in the non-persisted memory 135 to generate a merged graph which is accessible to a user with user access control information corresponding to the second data triples.
  • FIG. 7 b shows a merged graph 780 , the result of a merge between the base graph 625 and the first inference graph 630 a .
  • the subject node 205 of the base graph is retained, however the “current package” inference object 615 from the inference graph 630 a has modified or replaced the “current package” object 215 from the base graph 625 .
  • This merged graph 780 is then available to users ( 105 ) having user request access control information matching the user control access information associated with the inference data triples ( 770 ) of the first inference graph 630 a.
  • the base data triples ( 270 ) may be distinguished from the inferred data triples ( 770 ) by generating a merged graph ( 780 ) as required using the base graph ( 625 ) and an inferred graph ( 630 a ); access to the merged graph being determined by the user access control information.
  • FIG. 8 illustrates a user access control information node class 835 which may be used for instances of user access control information nodes 635 a , 635 b , 635 c and their respective data triples. Also indicated is a class of RDF subject node 805 which may be used for instances of subject nodes such as the subject node 205 of FIG. 6 .
  • This RDF subject node class is instanced by first data triples, and in addition to whatever data triples or properties it would normally have, includes an additional data triple or property 802 referring to the user access control information node class instance 635 a -hasInferrredGraph 640 a .
  • the user access control information class 835 includes various properties 804 such as merge operators and references to a proxy subject node as shown, and which will be persisted in the datastore 120 as corresponding second data triples.
  • the user access control information class 835 also includes access control information 806 used for restricting access to the inferred data such as proxy subject, inference object and inference predicate.
  • an inferred data triples updating method 550 is also shown. This may be performed by the policy control and versioning function 412 periodically.
  • the policy control and versioning function 412 receives or generates an RDF graph at step 555 .
  • the RDF data triples will be updated periodically by the system operator or service provider, for example adding new call histories, changes to customer details, new customers, network performance data and so on.
  • the inference or second data triples may be affected by these updates to the first or base data triples data; for example a customer's most called destination may change.
  • the policy control and versioning function 412 runs the rules engine again using the inference rules associated with the inferred data triples on the latest first or base data triples at step 560 . This generates new second or inferred data triples which the policy control and versioning function 412 persists in the datastore at step 565 , replacing the second data triples previously persisted. Referring to FIG. 6 , this might for example mean that the inferred data triples related to the most called destination of the customer change from Paris to London. The inference graph 630 c and associated triples would then be updated.
  • FIG. 9 shows the system of FIG. 1 in more detail according to an embodiment.
  • the embodiment 900 receives user requests 903 to access inferred or second data triples and/or graphs from a user 105 . These requests may include user request access control information for use in determining whether the user is permitted to access the requested inference data.
  • the embodiment 900 comprises a query application programmer interface (API) 907 which provides an interface for a user 105 to interface in a predetermined way with the data triples stored on the datastore 120 .
  • API application programmer interface
  • the system also comprises the policy control and versioning function 412 , a query engine 960 , and a merge engine 965 . These may be implemented using suitable program code executed on the non-persisted memory 135 by a processor within the server 115 .
  • the method of receiving and processing user queries 1000 may be implemented by the query API 907 , the policy control and versioning function 412 , the query engine 960 and the merge engine 965 as described below. However the method 1000 may be implemented by different functional and/or hardware entities.
  • the query API 907 initially receives a user request 903 including a query and user request access control information from a user at step 1005 .
  • the user request access control information is compared with user access control information for the requested inference data which specifies which users have access to the inferred or second data triples as previously described.
  • the user queries may simply request viewing the merged graph 952 resulting from the merging of the base or first data triples 447 and the inferred or second data triples 449 to which the user has access.
  • the data triples corresponding to the merged graph 952 may be downloaded by the user.
  • these merged data triples may be subjected to further queries, for example limited to a particular time period.
  • the user request 903 is processed by the query engine at step 1010 to determine which base graphs 447 and which inference graphs 449 or data are required. In some embodiments access by users to the base graphs may also be restricted.
  • the inference graphs 449 requested or to be queried may be identified in the user request 903 , or may simply be all those associated with the user, or a set of inference rules previously provided by the user.
  • the user request 903 includes user request access control information, for example a user identifier and a password.
  • the policy control and versioning function 412 determines whether this user request access control information ( 903 ) matches user access control information ( 806 , 645 a ) associated with the second data triples requested by the user at step 1015 .
  • This may be implemented by searching through the second data triples for data triples corresponding to the user control access information nodes 635 a , 635 b , 635 c of the requested inference graphs. If the user access control information matches ( 1015 Y) for each of these data triples, then these second data triples directed graphs 630 a , 630 b , 630 c may be received by the policy control and versioning function 412 at step 1025 .
  • the second data triples directed graphs requested in the user request 903 do not match the user access control information ( 1015 N)
  • either these requested inference graphs are not received (at 1025 ), though others may be, or a failed access error message is sent to the user by the query API 907 at step 1020 .
  • the base and inferred graphs are received by the policy control and versioning function 412 at step 1025 from the respective first and second data triples in the data triples database 140 as previously described.
  • the policy control and versioning function 412 then calls the merge engine 965 which merges the base graph 447 and one or more inferred graphs 449 at step 1030 .
  • merging may result in the addition of relationships (inferred object nodes and respective inferred predicate data) to the subject node of each base graph, the modification of object-predicate pairs in the base graph, or the deletion of object-predicate pairs from the base graph.
  • This results in a merged graph 952 for example as described with respect to FIG. 7 b .
  • the merged graph 952 is retained in non-persisted memory 135 .
  • Jena is used to access the first (base) and second (inferred) data triples directed graphs, and to merge these two RDF graphs.
  • the Jena merge operation is a simple add operation, and so the Jena rules engine is used to also include remove and replace operations.
  • the proxy subject node(s) 605 a , 605 b , 605 c associated with the user access control nodes 635 a , 635 b , 635 c are identified and their respective predicate data 645 a , 645 b , 645 c used to determine the appropriate merge operation or rule (add, replace, remove) for the first graph 625 .
  • the Jena rules engine may search for the data triple corresponding to the proxy node 605 a and predicate data 650 a in the first data triples directed graph 625 , and modify or replace the object 215 in this data triple with the inference object 615 a .
  • the rules engine then removes the user access control node 635 a , merge operation 645 a , proxy subject node 605 a and duplicate predicate data 650 a to generate a merged graph from the base graph 625 and the inference graph 630 a.
  • the query engine 960 queries the merged graph 952 in accordance with the user request at step 1035 , for example simply displaying the merged graph 952 , presenting the merged graph or corresponding data triples filtered for time or other factors, or forwarding the data triples corresponding to this merged graph 952 to the user.
  • the first and second data triples corresponding to the base and inferred graphs respectively are persisted unchanged in the persisted memory 130 , and the user is not given access to this persisted memory 130 .
  • the various user access control information and many of the second data triples used to generate the merged graph are hidden from the user, and only used for internal representation of the inferred relationships.
  • the merging of graphs may be done in a chain of inference graphs as illustrated in FIG. 11 .
  • a previously merged graph 1125 is used as the base graph for the next merge operation.
  • the base graph 1125 of FIG. 11 has been merged from the base graph 625 and the third inference graph 630 c of FIG. 6 .
  • This new base graph 1125 is to be merged with a new inference graph 1130 d which includes a remove merge operation 1145 d .
  • the merging of these two graphs ( 1125 , 1130 d ) results in the second merged graph 1180 in which the “weekend/offpeak package” object node 215 of the base graph 1125 has been removed by action of the merge operation 1145 d in the inference graph 1130 d .
  • a further series of merging with additional inference graphs could be performed to obtain a final merged graph which is accessible to the user.
  • FIG. 12 illustrates a merged graph 1200 resulting from merging of the base graph 625 and the first inference graph 630 a of FIG. 6 .
  • FIG. 13 illustrates a merged graph 1300 resulting from merging of the base graph 1200 of FIG. 12 and the second inference graph 630 b of FIG. 6 .
  • FIG. 14 illustrates a merged graph 1400 resulting from merging of the base graph 625 and the third inference graph 630 c of FIG. 6 .
  • the inference graphs 630 a , 630 b and 630 c belong to different users, the respective users will only be entitled to their corresponding (final) merged graphs 1300 and 1400 respectively.
  • the telecoms company creates and owns inference graphs A and B ( 630 a and 630 b from FIG. 6 ). This company wishes to improve their service by automatically changing their customers calling package based on their customers monthly calling history. In addition to this their ‘Peaktime Package’ has a frequent caller option they wish to populate automatically. The rules they used to generate this are below.
  • inference graph A ( 630 a )
  • base data 625
  • inference graph B ( 630 b ) the following rules are applied to inference graph A: 1) If hasCurrentPackage property equals ‘Peaktime Package’ add a new property hasFrequentPeakTimeCaller that references the most frequently contacted Person in the users call history.
  • the Travel company owns and creates Inference Graph C ( 630 c ). They wish to customize the homepage for each of their customers. One aspect of this is to generate an advert for discount travel destinations based on the international calls made by their customers. The rules used to accomplish this are shown below.
  • inference graph C ( 630 c )
  • the following rules are applied to the base data ( 625 ): 1) Add new property ‘hasPreferredDiscountDestination’ that references the most frequently called foreign destination.
  • the embodiment offers a mechanism for facilitating novel commercial relationships between various parties involved in the generation of the base data (a customer say), application providers or users (a travel company wishing to sell to the base data provider), and the data storage provider (for example a telephone company) which hosts the base data as well as the inferred data generated by the application providers.
  • the users eg travel company
  • the users can generate inferred data about the base data provider (eg customer) which is made available to the base data provider who may provide feedback about its accuracy.
  • the user's or application providers may then refine their inference rules based on this feedback, without exposing the inference rules themselves.
  • the embodiments enable new revenue from a novel business model in that a data storage service provider hosts 3 rd party data (from the base data provider) and manages other 3 rd party application provider's (users) access to this data and any inferred data which they generate.
  • This new or inferred information is still held in the data storage service provider's datastore.
  • the rules used by users need not be exposed, so that the users can essentially commoditise the inferred data without divulging how this data was generated.
  • the inference rules needs to generate the inference data can be maintained secret, thus protecting their revenue stream as they may provide further inferred data using these rules on different or updated base data, at a further cost.
  • specific 3 rd party application provider inferred data is easily removed from the original RDF data.
  • processor control code for example on a carrier medium such as a disk, CD- or DVD-ROM, programmed memory such as read only memory (Firmware), or on a data carrier such as an optical or electrical signal carrier.
  • a carrier medium such as a disk, CD- or DVD-ROM
  • programmed memory such as read only memory (Firmware)
  • a data carrier such as an optical or electrical signal carrier.
  • embodiments of the invention may be implemented on a DSP (Digital Signal Processor), ASIC (Application Specific Integrated Circuit) or FPGA (Field Programmable Gate Array).
  • the code may comprise conventional programme code or microcode or, for example code for setting up or controlling an ASIC or FPGA.
  • the code may also comprise code for dynamically configuring re-configurable apparatus such as re-programmable logic gate arrays.
  • the code may comprise code for a hardware description language such as VerilogTM or VHDL (Very high speed integrated circuit Hardware Description Language).
  • VerilogTM Very high speed integrated circuit Hardware Description Language
  • VHDL Very high speed integrated circuit Hardware Description Language
  • the code may be distributed between a plurality of coupled components in communication with one another.
  • the embodiments may also be implemented using code running on a field-(re)programmable analogue array or similar device in order to configure analogue hardware.
  • a computerized data processing method for providing multiple access to data triples in the form subject-predicate-object, the method comprising: persisting first data triples associated with a first data triples directed graph in a datastore; persisting second data triples associated with a second data triples directed graph in the datastore together with user access control information; merging the first data triples directed graph and the second data triples directed graph to provide a merged data triples directed graph in response to a user request having user request access control information corresponding to the user access control information associated with the second data triples directed graph; and providing access to the merged data triples directed graph to a user associated with the user request.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
US12/531,749 2007-03-19 2008-03-14 Data triple user access Abandoned US20100030725A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP07251138A EP1973053A1 (fr) 2007-03-19 2007-03-19 Accès multi-utilisateur pour données triples
EP09251138.9 2007-03-19
PCT/GB2008/000929 WO2008113993A1 (fr) 2007-03-19 2008-03-14 Accès utilisateur à des triplets de données

Publications (1)

Publication Number Publication Date
US20100030725A1 true US20100030725A1 (en) 2010-02-04

Family

ID=38234458

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/531,749 Abandoned US20100030725A1 (en) 2007-03-19 2008-03-14 Data triple user access

Country Status (3)

Country Link
US (1) US20100030725A1 (fr)
EP (2) EP1973053A1 (fr)
WO (1) WO2008113993A1 (fr)

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090119300A1 (en) * 2007-11-01 2009-05-07 Sun Microsystems, Inc. Technique for editing centralized digitally encoded information
US20110119310A1 (en) * 2009-11-18 2011-05-19 Oracle International Corporation Incremental inference
US20110302180A1 (en) * 2010-03-15 2011-12-08 DynamicOps, Inc. Computer relational database method and system having role based access control
WO2012093198A1 (fr) * 2011-01-03 2012-07-12 Nokia Corporation Méthode et appareil fournissant une protection contre les ontologies malicieuses
US20120221555A1 (en) * 2011-02-28 2012-08-30 International Business Machines Corporation Generating a semantic graph relating information assets using feedback re-enforced search and navigation
US20120265773A1 (en) * 2011-04-12 2012-10-18 Microsoft Corporation Query-based diagrammatic presentation of data
US20120303678A1 (en) * 2008-05-23 2012-11-29 Nokia Corporation Apparatus, method and computer program product for processing resource description framework statements
US20130290253A1 (en) * 2012-04-30 2013-10-31 International Business Machines Corporation Data index using a linked data standard
US20140067762A1 (en) * 2012-02-23 2014-03-06 Fujitsu Limited Database controller, method, and system for storing encoded triples
US8688612B2 (en) * 2010-11-02 2014-04-01 Korea Institute Of Science & Technology Information Method and device for saving triple for verifying reason and incremental reasoning, and method and device for reason-dependent indexing appropriate for same
US20140108414A1 (en) * 2012-10-12 2014-04-17 Architecture Technology Corporation Scalable distributed processing of rdf data
CN104361017A (zh) * 2014-10-17 2015-02-18 同济大学 一种基于统一语义理解的交通信息处理方法
CN105637542A (zh) * 2014-01-07 2016-06-01 富士施乐株式会社 信息处理装置、信息处理程序、存储介质及信息处理方法
US20170060542A1 (en) * 2015-08-25 2017-03-02 Cognizant Technology Solutions India Pvt. Ltd. System and method for efficiently managing enterprise architecture using resource description framework
US9646110B2 (en) 2011-02-28 2017-05-09 International Business Machines Corporation Managing information assets using feedback re-enforced search and navigation
USRE46690E1 (en) * 2009-05-29 2018-01-30 Nokia Technologies Oy Method and system of splitting and merging information spaces
US10042836B1 (en) * 2012-04-30 2018-08-07 Intuit Inc. Semantic knowledge base for tax preparation
CN109937402A (zh) * 2016-11-04 2019-06-25 微软技术许可有限责任公司 使用回调通知进行数据的出口和入口
US10402408B2 (en) 2016-11-04 2019-09-03 Microsoft Technology Licensing, Llc Versioning of inferred data in an enriched isolated collection of resources and relationships
US20190312881A1 (en) * 2017-04-10 2019-10-10 Dipankar Dasgupta Multi-user permission strategy to access sensitive information
US10452672B2 (en) 2016-11-04 2019-10-22 Microsoft Technology Licensing, Llc Enriching data in an isolated collection of resources and relationships
US10614057B2 (en) 2016-11-04 2020-04-07 Microsoft Technology Licensing, Llc Shared processing of rulesets for isolated collections of resources and relationships
CN110990878A (zh) * 2019-12-13 2020-04-10 支付宝(杭州)信息技术有限公司 一种隐私数据衍生图的构建方法
US10885114B2 (en) 2016-11-04 2021-01-05 Microsoft Technology Licensing, Llc Dynamic entity model generation from graph data
US11093556B2 (en) 2015-10-30 2021-08-17 Convida Wireless, Llc Restful operations for semantic IoT
US11475320B2 (en) 2016-11-04 2022-10-18 Microsoft Technology Licensing, Llc Contextual analysis of isolated collections based on differential ontologies
US12001580B1 (en) * 2021-08-27 2024-06-04 Workday, Inc. Security description framework

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6044466A (en) * 1997-11-25 2000-03-28 International Business Machines Corp. Flexible and dynamic derivation of permissions
US20020174126A1 (en) * 2001-05-15 2002-11-21 Britton Colin P. Methods and apparatus for real-time business visibility using persistent schema-less data storage
US20080005175A1 (en) * 2006-06-01 2008-01-03 Adrian Bourke Content description system
US7318055B2 (en) * 2001-05-15 2008-01-08 Metatomix, Inc. Methods and apparatus for querying a relational data store using schema-less queries
US20080120594A1 (en) * 2006-11-20 2008-05-22 Bruce David Lucas System and method for managing resources using a compositional programming model

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7058637B2 (en) * 2001-05-15 2006-06-06 Metatomix, Inc. Methods and apparatus for enterprise application integration
AUPR796701A0 (en) * 2001-09-27 2001-10-25 Plugged In Communications Pty Ltd Database query system and method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6044466A (en) * 1997-11-25 2000-03-28 International Business Machines Corp. Flexible and dynamic derivation of permissions
US20020174126A1 (en) * 2001-05-15 2002-11-21 Britton Colin P. Methods and apparatus for real-time business visibility using persistent schema-less data storage
US7318055B2 (en) * 2001-05-15 2008-01-08 Metatomix, Inc. Methods and apparatus for querying a relational data store using schema-less queries
US20080005175A1 (en) * 2006-06-01 2008-01-03 Adrian Bourke Content description system
US20080120594A1 (en) * 2006-11-20 2008-05-22 Bruce David Lucas System and method for managing resources using a compositional programming model

Cited By (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090119300A1 (en) * 2007-11-01 2009-05-07 Sun Microsystems, Inc. Technique for editing centralized digitally encoded information
US20120303678A1 (en) * 2008-05-23 2012-11-29 Nokia Corporation Apparatus, method and computer program product for processing resource description framework statements
US8903862B2 (en) * 2008-05-23 2014-12-02 Nokia Corporation Apparatus, method and computer program product for processing resource description framework statements
USRE46690E1 (en) * 2009-05-29 2018-01-30 Nokia Technologies Oy Method and system of splitting and merging information spaces
US20110119310A1 (en) * 2009-11-18 2011-05-19 Oracle International Corporation Incremental inference
US8250106B2 (en) * 2009-11-18 2012-08-21 Oracle International Corporation Incremental inference
US9058353B2 (en) 2010-03-15 2015-06-16 Vmware, Inc. Computer relational database method and system having role based access control
US9852206B2 (en) 2010-03-15 2017-12-26 Vmware, Inc. Computer relational database method and system having role based access control
US9195707B2 (en) 2010-03-15 2015-11-24 Vmware, Inc. Distributed event system for relational models
US9384361B2 (en) 2010-03-15 2016-07-05 Vmware, Inc. Distributed event system for relational models
US10430430B2 (en) * 2010-03-15 2019-10-01 Vmware, Inc. Computer relational database method and system having role based access control
US20110302180A1 (en) * 2010-03-15 2011-12-08 DynamicOps, Inc. Computer relational database method and system having role based access control
US8688612B2 (en) * 2010-11-02 2014-04-01 Korea Institute Of Science & Technology Information Method and device for saving triple for verifying reason and incremental reasoning, and method and device for reason-dependent indexing appropriate for same
WO2012093198A1 (fr) * 2011-01-03 2012-07-12 Nokia Corporation Méthode et appareil fournissant une protection contre les ontologies malicieuses
US8782039B2 (en) 2011-02-28 2014-07-15 International Business Machines Corporation Generating a semantic graph relating information assets using feedback re-enforced search and navigation
US8751487B2 (en) * 2011-02-28 2014-06-10 International Business Machines Corporation Generating a semantic graph relating information assets using feedback re-enforced search and navigation
US9646110B2 (en) 2011-02-28 2017-05-09 International Business Machines Corporation Managing information assets using feedback re-enforced search and navigation
US9652559B2 (en) 2011-02-28 2017-05-16 International Business Machines Corporation Managing information assets using feedback re-enforced search and navigation
US20120221555A1 (en) * 2011-02-28 2012-08-30 International Business Machines Corporation Generating a semantic graph relating information assets using feedback re-enforced search and navigation
US8924385B2 (en) * 2011-04-12 2014-12-30 Microsoft Corporation Query-based diagrammatic presentation of data
US20120265773A1 (en) * 2011-04-12 2012-10-18 Microsoft Corporation Query-based diagrammatic presentation of data
US9251232B2 (en) * 2012-02-23 2016-02-02 Fujitsu Limited Database controller, method, and system for storing encoded triples
US20140067762A1 (en) * 2012-02-23 2014-03-06 Fujitsu Limited Database controller, method, and system for storing encoded triples
US9177001B2 (en) * 2012-04-30 2015-11-03 International Business Machines Corporation Data index using a linked data standard
US9177000B2 (en) * 2012-04-30 2015-11-03 International Business Machines Corporation Data index using a linked data standard
US10042836B1 (en) * 2012-04-30 2018-08-07 Intuit Inc. Semantic knowledge base for tax preparation
US20140032494A1 (en) * 2012-04-30 2014-01-30 International Business Machines Corporation Data index using a linked data standard
US20130290253A1 (en) * 2012-04-30 2013-10-31 International Business Machines Corporation Data index using a linked data standard
US8756237B2 (en) * 2012-10-12 2014-06-17 Architecture Technology Corporation Scalable distributed processing of RDF data
US20140108414A1 (en) * 2012-10-12 2014-04-17 Architecture Technology Corporation Scalable distributed processing of rdf data
CN105637542A (zh) * 2014-01-07 2016-06-01 富士施乐株式会社 信息处理装置、信息处理程序、存储介质及信息处理方法
US20160196288A1 (en) * 2014-01-07 2016-07-07 Fuji Xerox Co., Ltd. Information processing apparatus, storage medium, and information processing method
US10380080B2 (en) * 2014-01-07 2019-08-13 Fuji Xerox Co., Ltd. Information processing apparatus, storage medium, and information processing method
CN104361017A (zh) * 2014-10-17 2015-02-18 同济大学 一种基于统一语义理解的交通信息处理方法
US10042619B2 (en) * 2015-08-25 2018-08-07 Cognizant Technology Solutions India Pvt. Ltd. System and method for efficiently managing enterprise architecture using resource description framework
US20170060542A1 (en) * 2015-08-25 2017-03-02 Cognizant Technology Solutions India Pvt. Ltd. System and method for efficiently managing enterprise architecture using resource description framework
US11093556B2 (en) 2015-10-30 2021-08-17 Convida Wireless, Llc Restful operations for semantic IoT
US10452672B2 (en) 2016-11-04 2019-10-22 Microsoft Technology Licensing, Llc Enriching data in an isolated collection of resources and relationships
US10402408B2 (en) 2016-11-04 2019-09-03 Microsoft Technology Licensing, Llc Versioning of inferred data in an enriched isolated collection of resources and relationships
US10481960B2 (en) 2016-11-04 2019-11-19 Microsoft Technology Licensing, Llc Ingress and egress of data using callback notifications
US10614057B2 (en) 2016-11-04 2020-04-07 Microsoft Technology Licensing, Llc Shared processing of rulesets for isolated collections of resources and relationships
US10885114B2 (en) 2016-11-04 2021-01-05 Microsoft Technology Licensing, Llc Dynamic entity model generation from graph data
CN109937402A (zh) * 2016-11-04 2019-06-25 微软技术许可有限责任公司 使用回调通知进行数据的出口和入口
US11475320B2 (en) 2016-11-04 2022-10-18 Microsoft Technology Licensing, Llc Contextual analysis of isolated collections based on differential ontologies
EP4152157A1 (fr) * 2016-11-04 2023-03-22 Microsoft Technology Licensing, LLC Entrée et sortie de données à l'aide de notifications de rappel
US20190312881A1 (en) * 2017-04-10 2019-10-10 Dipankar Dasgupta Multi-user permission strategy to access sensitive information
US11503035B2 (en) * 2017-04-10 2022-11-15 The University Of Memphis Research Foundation Multi-user permission strategy to access sensitive information
CN110990878A (zh) * 2019-12-13 2020-04-10 支付宝(杭州)信息技术有限公司 一种隐私数据衍生图的构建方法
US12001580B1 (en) * 2021-08-27 2024-06-04 Workday, Inc. Security description framework

Also Published As

Publication number Publication date
EP1973053A1 (fr) 2008-09-24
EP2126777A1 (fr) 2009-12-02
WO2008113993A1 (fr) 2008-09-25

Similar Documents

Publication Publication Date Title
US20100030725A1 (en) Data triple user access
US10726505B2 (en) Following data records in an information feed
US20210385087A1 (en) Zero-knowledge identity verification in a distributed computing system
US20200117491A1 (en) Framework for custom actions on an information feed
US11082226B2 (en) Zero-knowledge identity verification in a distributed computing system
US9594778B1 (en) Dynamic content systems and methods
US9378392B2 (en) Methods and systems for controlling access to custom objects in a database
US10331798B2 (en) Methods and systems for analyzing a network feed in a multi-tenant database system environment
US8407205B2 (en) Automating sharing data between users of a multi-tenant database service
US9563712B2 (en) Computer implemented methods and apparatus for providing internal custom feed items
KR101475964B1 (ko) 공유되는 커스터마이즈가능한 멀티-테넌트 데이터의 메모리내 캐싱
US20180143983A1 (en) Computer implemented methods and apparatus for recommending events
US20160366236A1 (en) Business networking information feed alerts
JP5710851B2 (ja) 影響分析のためのシステムおよび方法
US20150220587A1 (en) Creating and managing granular relationships on an online social network
US11138311B2 (en) Distributed security introspection
US20110225118A1 (en) System, method and computer program product for conditionally sharing an object with one or more entities
US9171150B2 (en) System and method for dynamic analysis tracking objects for application dataflow
US11003662B2 (en) Trigger-free asynchronous maintenance of custom indexes and skinny performance meta-structures
US10909070B2 (en) Memory efficient policy-based file deletion system
US20120143837A1 (en) Methods and systems for loose coupling between triggers and entities
CN110291515A (zh) 计算系统中的分布式索引搜索
Chitti et al. Keeping data inter-related in a Blockchain
US11892992B2 (en) Unique identification management
US11061748B2 (en) Systems, methods, and devices for code distribution and integration within a distributed computing platform

Legal Events

Date Code Title Description
AS Assignment

Owner name: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY,

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MENDIS, VENURE CHAKRI;FOSTER, PAUL WILLIAM;REEL/FRAME:023244/0906

Effective date: 20080401

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION